摘要:
An authentication method selection using a home enhanced Node B (H(e)NB) profile is disclosed. A method for selecting an H(e)NB authentication method includes authenticating at least one of the device or the hosting party module by a security gateway (SeGW). The SeGW receives a request from the H(e)NB to start the authentication process. Based on information received from the H(e)NB and an authentication information server, the SeGW determines how to authenticate the H(e)NB. The possible authentication methods include device authentication only, device authentication and hosting party module authentication, requesting the H(e)NB to perform authentication using Extensible Authentication Protocol-Authentication and Key Agreement, or authentication of both the H(e)NB and one or more WTRUs connected to or attempting to connect to the H(e)NB.
摘要:
A secret stream of bits begins by receiving a public random stream contained in a wireless communication signal at a transmit/receive unit. The public random stream is sampled and specific bits are extracted according to a shared common secret. These extracted bits are used to create a longer secret stream. The shared common secret may be generated using JRNSO techniques, or provided to the transmit/receive units prior to the communication session. Alternatively, one of the transmit/receive unit is assumed to be more powerful than any potential eavesdropper. In this situation, the powerful transmit/receive unit may broadcast and store a public random stream. The weaker transmit/receive unit selects select random bits of the broadcast for creating a key. The weaker transmit/receive unit sends the powerful transmit/receive unit the selected bit numbers, and powerful transmit/receive unit uses the random numbers to produce the key created by the weaker transmit/receive unit.
摘要:
A method and apparatus for password management and single sign-on (SSO) access based on trusted computing (TC) technology. The methods implement the Trusted Computing Group (TCG)'s trusted platform module (TPM), which interacts with both proxy SSO unit and web-accessing applications to provide a secure, trusted mechanism to generate, store, and retrieve passwords and SSO credentials. The various embodiments of the present invention allow a user to hop securely and transparently from one site to another that belong to a pre-identified group of sites, after signing on just once to a secured proxy residing at the user's device.
摘要:
The present invention is related to a wireless transmit/receive unit (WTRU) for providing advanced security functions. The WTRU includes trusted platform module (TPM) for performing trusted computing operations; and a secure time component (STC) for providing a secure measurement of a current time. The STC and the TPM are integrated to provide accurate trusted time information to internal and external to the WTRU. The STC may be located on an expanded a subscriber identity module (SIM), on the WTRU platform, or two STCs may be used, one in each location. Similarly, the TPM may be located on an expanded SIM, on the WTRU platform, or two TPMs may be used, one in each location. Preferably, the STC will include a real time clock (RTC); a tamper detection and power failure unit; and a time report and sync controller.
摘要:
The present invention relates to secret key generation and authentication methods that are based on joint randomness not shared by others (JRNSO), in which unique channel response between two communication terminals generates a secret key. Multiple network access points use a unique physical location of a receiving station to increase user data security. High data rate communication data is encrypted by generating a random key and a pseudo-random bit stream. A configurable interleaving is achieved by introduction of JRNSO bits to an encoder used for error-correction codes. Databases of user data are also protected by JRNSO-based key mechanisms. Additional random qualities are induced on the joint channel using MIMO eigen-beamforming, antenna array deflection, polarization selection, pattern deformation, and path selection by beamforming or time correlation. Gesturing induces randomness according to uniquely random patterns of a human user's arm movements inflected to the user device.
摘要:
Systems, methods, and apparatus are disclosed for coordinating enforcement of policies on a network and/or a wireless transmit/receive unit. The policies may include stakeholder-specific policies of one or more stakeholders that provide services on a user equipment. Enforcement of the stakeholder-specific policies may be securely coordinated using a policy coordination function. Systems, methods, and apparatus are also disclosed that include a network policy coordination function (NPCF) that coordinates service control policies and access control policies. The NPCF may coordinate enforcement of the service control policies for one or more service control entities and the access control policies for one or more access control entities.
摘要:
The present invention discloses several methods to strengthen the integrity of entities, messages, and processing related to content distribution as defined by the Open Mobile Alliance (OMA) Digital Rights Management (DRM). The methods use techniques related to the Trusted Computing Group (TCG) specifications. A first embodiment uses TCG techniques to verify platform and DRM software integrity or trustworthiness, both with and without modifications to the DRM rights object acquisition protocol (ROAP) and DRM content format specifications. A second embodiment uses TCG techniques to strengthen the integrity of ROAP messages, constituent information, and processing without changing the existing ROAP protocol. A third embodiment uses TCG techniques to strengthen the integrity of the ROAP messages, information, and processing with some changes to the existing ROAP protocol.
摘要:
A wireless communications device may be configured to perform integrity checking and interrogation with a network entity to isolate a portion of a failed component on the wireless network device for remediation. Once an integrity failure is determined on a component of the device, the device may identify a functionality associated with the component and indicate the failed functionality to the network entity. Both the wireless network device and the network entity may identify the failed functionality and/or failed component using a component-to-functionality map. After receiving an indication of an integrity failure at the device, the network entity may determine that one or more additional iterations of integrity checking may be performed at the device to narrow the scope of the integrity failure on the failed component. Once the integrity failure is isolated, the network entity may remediate a portion of the failed component on the wireless communications device.
摘要:
Systems, methods, and instrumentalities are disclosed that may provide for integration of trusted OpenID (TOpenID) with OpenID. The authentication may be accomplished, in part, via communications between a trusted ticket server on a UE and a network application function. The UE may retrieve platform validation data (e.g., from a trusted platform module on the UE). The UE may receive a platform verification in response to the platform validation data. The platform verification may indicate that the network application function has verified the platform validation data and the user. The platform verification may indicate that the platform validation data matches a previously generated reference value.
摘要:
One or more wireless communications device may include one or more domains that may be owned or controlled by one or more different owners. One of the domains may include a security domain having ultimate control over the enforcement of security policies on the one or more wireless communications devices. Another one of the domains may include a system-wide domain manager that is subsidiary to the security domain and may enforce the policies of one or more subsidiary domains. The system-wide domain manager may enforce its policies based on a privilege level received from the security domain. The privilege level may be based on the level of trust between an external stakeholder, such as an owner of a domain that is subsidiary to the system-wide domain manager, and the security domain.